Thanks Jeffrey, now lot of things became clearer :-)
But to solve this incident; since automatic renew in NiM do not work
but kinit -R && aklog does work for the API cache, we are planning to
add this to the Task Scheduler. Do you see any problem with doing it
like this?
-- Ragge
On 04/20/2012 03:40 PM, Jeffrey Altman wrote:
Anders:
If you configure the default credential cache to be MSLSA: then the LSA
credentials will be used.
The functionality (an explorer shell logon hook) that was used to copy
credentials at logon no longer exists on Vista and later versions of
the operating system. Since the functionality does not exist, the
functions exported from kfwlogon.dll do not get executed and no
Kerberos tickets can be copied in to the API: credential cache.
I have plans to build a new in kernel credential cache mechanism using
the AFS Authentication Groups available in the 1.7.x series. I have no
available resources at the moment to implement it and I can't make a
commitment as to when I will.
At the moment afslogon.dll will obtain a new AFS token at logon, but it
will not be renewable.
Jeffrey Altman
On Friday, April 20, 2012 9:25:13 AM, Anders Magnusson wrote:
Yes, I have seen that, but that do not explain the behaviour since I
have no wish to fetch thingd from MSLSA.
Integrated logon works, but fetching new krbtgt at unlock of the login
window does not.
And BTW, importing tickets from MSLSA to API seems to work (pressing
import button).
-- Ragge
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
